WebDAV(Web Distributed Authoring and Versioning) is the extended framework of HTTP protocol which includes more features such as clients can connect to the web server and perform actions like a modification of files on the web server.
It works on port 80 and 443.So we can use web server ports as command and control channel to obtain the shell.To perform this attack download the WebDAVC2 tool Here.
Here I have used Kali Linux(Attacker Machine) and Victim Machine (Windows 10)
Git clone this repository:
Change directory into the WebDavC2 folder:
Give the execution permission to the script:
Must Read Complete Kali Tools tutorials from Information gathering to Forensics
NOTE: This script uses PROPFIND feature of WebDev used to retrieve remote system.
Therefore WebDev can be used as the C2 communication channel to maintain access to victim machine or delivering malicious payloads.Happy Hacking !!!
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert on a…
The Biden administration confirmed that a Chinese state-sponsored hacking group breached the U.S. Treasury Department,…
Security researchers Daan Keuper, Thijs Alkemade, and Khaled Nassar from Computest Sector 7 disclosed a…
Researchers observed a recent surge in activity from the "FICORA" and "CAPSAICIN," both variants of…
The watering hole attack leverages a compromised website to deliver malware. When a user visits…
The NFS protocol offers authentication methods like AUTH_SYS, which relies on untrusted user IDs, and…